Hackers accused of stealing Military Police data may be prosecuted under new IT law
By Dialogo September 30, 2013
Brazil’s new law against information technology (IT) crimes – the Carolina Dieckmann Law – may aid in the prosecution of hackers who allegedly broke into the Military Police of Rio de Janeiro’s network and stole the personal data of 50 thousand police officers.
Suspects associated with the Anoncyber & Cyb3rgh0sts hacker groups accessed data in the State Program for Integration and Security and published 8,900 pages containing emails, phone numbers, ID numbers, bank account numbers and home addresses of police officers, prosecutors allege.
When captured, the suspects will be prosecuted within the framework of the new law against IT crimes enacted last April. They face prison sentences ranging from six months to two years as stipulated in Article 154-A of the law. The Delegation against IT Crimes (DRCI) is investigating the case as required since the crime was committed against the government, according to lawyer Gustova Teixeira.
The law also is known as the Carolina Dieckmann law since the actress was a victim of a cyber attack in which photos and personal information were stolen. It criminalizes breaking into electronic devices such as cell phones, laptops, tablets and other products in order to steal personal data, alter existing information or obtain some type of illicit advantage. The sentence includes a fine in addition to prison time.
“We can’t deny that this should have been part of Brazilian law for a long time,” said Renato Opice Blum, a lawyer and president of the Technology Council for Information of the company Fecomercio.
Opice Blum agrees with specialists who attended the V Congress on IT Crimes in Sao Paulo, last month: the law isn’t strict enough and sentences aren't long enough to serve as deterrent for criminals.
“Given the frequent news of ruined lives, companies gone bankrupt and firings because of IT crimes, the sentence for this type of crime is not long enough,” said Opice Blum.
Others worry that criminalizing general IT practices could limit the fundamental rights and freedoms inherent in the Internet.
“The law worries me because there could be broader implications and it could affect the reputation and competitiveness of Brazilian companies and the country in general,” said William Beer, Director General of Information and IT Security at Álvarez and Marsal. “Flexibility is the essence of Internet - the ability to share information to perform research in the broadest way possible,” said Beer.
Internet and IT security issues stretch across geographic and political borders, he said. “Precisely because of this, regulation and legislation to control Internet and related matters are difficult to apply and can become obstacles that do not solve current problems,” explained the specialist.
Before the current law, the only law that to deal with this type of crime dated from the 1940s. Security problems compelled the creation of a new law. Brazil ranks fourth in phishing crime, for example, which in 2012 cost banks $700 million.
During the V Congress on Electronic Crimes, the company Fecomercio presented results from research analyzing the impacts of information theft and IT crime in Brazil. About 33.52 percent of respondents said they were victims of credit card cloning; 17.32 percent reported the theft of personal data; 15.64 percent reported bank account theft during Internet transactions; and 12.85 percent reported purchases from ghost companies. To fight against these problems, William Beer, from Álvarez and Marsal, thinks that a broader approach is necessary.
“Brazil needs a national IT security strategy known by everyone. Its creation requires the participation of a broader group that should include businesses, academia, security forces, multinational companies and consumers,” he said.
“It is important to realize that more technology will not solve the problem but, instead, it will create greater risks because it will increase the level of vulnerability,” Beer said.
The investigation concerning the military police in Rio de Janeiro continues. The group Anoncyber & Cyb3rgh0sts apologized in a note published on Facebook and withdrew the document it had published on Internet. The group claimed it was an isolated action by one of its members and that the group did not support it because it put at risk the lives of police officers